Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control and Site Security

Published byScarlett Hoover Modified over 4 years ago

Similar presentations

Presentation on theme: "Access Control and Site Security"— Presentation transcript:

1 Access Control and Site Security
Chapter 2 Copyright 2002 Prentice-Hall

2 Figure 2-1: Access Control
Access control is the policy-driven limitation of access to systems, data, and dialogs Prevent attackers from gaining access, stopping them if they do

3 Figure 2-1: Access Control
First Steps Enumeration of Resources Each important resource must be listed Many firms did this during the Y2K crisis Very difficult to do Sensitivity of Each Resource The sensitivity of each resource must be assessed

4 Figure 2-1: Access Control
Who Should Have Access? A decision must be made over who should have access to each resource Can be made individual by individual More efficient to define by roles (logged-in users, system administrators, project team members, etc.)

5 Figure 2-1: Access Control
What Access Permissions (Authorizations) Should They Have? Access permissions (authorizations) define whether a role or individual should have any access at all and, if so, exactly what the role or individual should be allowed to do to the resource. Usually presented as a list of permissions for users to be able to do things (read, change, execute program, etc.) for each resource Each type of resource should have an access control policy (e.g., every router) for consistency

6 Figure 2-1: Access Control
How Should Access Control Be Implemented? For each resource, need an access protection plan for how to implement protection in keeping with the selected control policy For a file on a server, limit authorizations to a small group, harden the server against attack, use a firewall to thwart external attackers, etc.

7 Figure 2-1: Access Control
Policy-Based Access Control and Protection Have a specific access control policy and an access protection policy for each resource Focuses attention on each resource Guides the selection and configuration of firewalls and other protections Guides the periodic auditing and testing of protection plans

Download ppt "Access Control and Site Security"

Similar presentations

Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.

Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
—On War, Carl Von Clausewitz

—On War, Carl Von Clausewitz
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Access Control and Site Security (Part 1) Thursday 1/17/2008) © Abdou Illia – Spring 2008.

Access Control and Site Security (Part 1) Thursday 1/17/2008) © Abdou Illia – Spring 2008.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Biometric Authentication Presenter: Yaoyu, Zhang Presenter: Yaoyu, Zhang.

Biometric Authentication Presenter: Yaoyu, Zhang Presenter: Yaoyu, Zhang.
Department Of Computer Engineering

Department Of Computer Engineering
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.

Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.

Similar presentations

Ads by Google